A hacker group mounts a stealthy, days-long, brute-force attack on your enterprise’s networks but fails to gain access. Cyber criminals test millions of passwords against a corporate server in a massive credential-stuffing attack but get nowhere. Then, an employee clicks on a convincing link in a homograph attack, and all that hard work falls by the wayside as hackers breach the corporate network.
Despite doing everything right, malware has now infiltrated your business and brought it to a standstill with your critical data being held hostage. The price tag on the decryption key that will unlock your systems is tens of thousands of dollars, if not more.
This nightmare scenario has become a reality for more and more organisations in 2020. According to the Veritas 2020 Ransomware Resiliency Report, a staggering 72% of organisations in Singapore that suffered a ransomware attack paid the ransom either in full or in part. These attacks were extremely disruptive, with 43% of respondents estimating that a ransomware attack resulted in five to 10 days of business disruption on average.
Such attacks are becoming commonplace in today’s digitalised setup with experts agreeing that 2021 will bring even more sophisticated and targeted attacks. Every business should assume that it is a target and plan from there. The key is a belt and braces approach that adds data backup and recovery to IT security to help prevent, contain, and recover from ransomware.
Increasing IT complexity
Whilst you can’t stop every attack, prevention strategies can certainly minimise the number of hacking attempts that become successful. Data protection, with multiple layers of defence deployed including firewalls, email and spam filters, anti-malware endpoint protection software, and user education, should be every company’s first line of defence.
However, growing IT complexity created by the extensive adoption of multiple different cloud platforms, and greater use of distributed data centres, hybrid cloud operations and multiple storage and data protection suppliers makes IT security even more difficult to assure.
As a result, IT leaders should always assume that their IT security measures will inevitably be breached and, as they struggle to defend increasingly complex networks and avoid ransomware, a sound backup and recovery strategy is critical.
It’s no surprise that this IT complexity makes backup and recovery more difficult. Despite experts cautioning against giving in to ransom demands, since full decryption is not guaranteed, many companies are forced to pay at least part of what is demanded, because their backup and recovery measures prove inadequate to retrieve their data.
Best practices for backup and recovery
Backups won’t prevent an attack or stop a hacker from releasing sensitive data, but an effective backup and recovery strategy is a safety net that has saved many businesses from disaster. This requires multiple copies of all valuable data—and these copies must be both complete and current, with one stored offline and preferably air gapped for airtight security.
Here are five practices for recovery you can rely on:
- Execute backups regularly: To limit damage from a ransomware attack, run backups at least daily, and employ continuous data protection on critical data, to shrink your Recovery Point Objective. This will reduce potential data loss to levels that minimise the impact to the business. Also, regularly practise recovering data, in an automated or orchestrated way, to ensure that the right information is being protected, and that systems can be brought back online in a timely manner. AI can now also help to ‘self-heal’ backup sets that become corrupted.
- Store backups in multiple locations: The best practice for backup is to keep three or more copies of your data, on at least two different types of media (e.g. local disk and public cloud), one of which is offsite and offline. Keeping backup copies of your data in off-site locations makes it harder for hackers to capture all copies of your data, because ransomware can typically only encrypt the files and data that it can access directly.
- Harden backup platforms: Ransomware will often encrypt the operating systems and data stores of many backup platforms. Thus, you need backup solutions that are protected against malware and have intrusion detection systems built-in. These hardened systems can often be used to restore other backup environments, further improving network protection. It goes without saying that you must be vigilant in updating backup software regularly, to address known vulnerabilities and improve functionality.
- Consolidate backup solutions: Many cloud and SaaS providers offer built-in data protection as an add-on, and many data protection companies specialise in protecting specific environments or workloads. However, these solutions can significantly complicate the process of restoring data in the wake of an attack, as administrators grapple with multiple tools and platforms while they try to reassemble the primary data set.
- Understand your data: Unless a business understands what data it has and where, it’s impossible to build an effective backup and recovery strategy. Veritas research shows that 52 percent of business data is ‘dark’, meaning the organisation doesn’t know what it is or what it is worth. Once an organisation gets on top of this challenge, it is able to back up all the data that’s important to it.
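An added example, not part of the original article or of any Veritas product: a small Python audit that checks a backup inventory against the first two practices above (backups at least daily; three or more copies on at least two media types, one of them offsite and offline) and reports the data-loss window if every copy ransomware can reach is encrypted. The `BackupCopy` fields, the sample inventory and the choice to count only restore-tested copies are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupCopy:
    media: str              # e.g. "local-disk", "public-cloud", "tape"
    offsite: bool
    offline: bool           # unreachable from the production network
    completed_at: datetime
    restore_tested: bool    # a practice restore from this copy succeeded


def audit(copies, now, max_age=timedelta(hours=24)):
    """Return findings for one dataset; an empty list means it passes."""
    usable = [c for c in copies if c.restore_tested]  # assumption: untested copies do not count
    findings = []
    if len(usable) < 3:
        findings.append(f"{len(usable)} restorable copies, need 3 or more")
    if len({c.media for c in usable}) < 2:
        findings.append("fewer than 2 media types")
    if not any(c.offsite and c.offline for c in usable):
        findings.append("no copy is both offsite and offline")
    newest = max((c.completed_at for c in usable), default=None)
    if newest is None or now - newest > max_age:
        findings.append("newest restorable copy is older than max_age")
    return findings


def worst_case_loss(copies, now):
    """Data-loss window if every copy the attacker can reach is encrypted."""
    offline = [c.completed_at for c in copies if c.offline and c.restore_tested]
    return now - max(offline) if offline else None

# Constructed sample inventory (not real data).
NOW = datetime(2021, 1, 15, 9, 0)
FINANCE_DB = [
    BackupCopy("local-disk", False, False, NOW - timedelta(hours=3), True),
    BackupCopy("public-cloud", True, False, NOW - timedelta(hours=5), True),
    BackupCopy("tape", True, True, NOW - timedelta(days=2), True),
]
FILE_SHARE = [
    BackupCopy("local-disk", False, False, NOW - timedelta(hours=30), True),
    BackupCopy("local-disk", True, False, NOW - timedelta(hours=2), False),
]
if __name__ == "__main__":
    for name, copies in (("finance-db", FINANCE_DB), ("file-share", FILE_SHARE)):
        print(name, audit(copies, NOW) or "OK", worst_case_loss(copies, NOW))
```

In the sample, `finance-db` passes the audit yet would still lose two days of data if only the offline tape survived, which is the gap between a daily backup schedule and the age of the copy ransomware cannot reach.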
We can be sure that malicious ransomware attacks will continue to pose critical threats, and are becoming more sophisticated and potentially devastating. As such, the time to act is now. For security and peace of mind, assess your backup and recovery strategy, and make your backup processes more robust, no matter where your data and applications are hosted.
Justin Loh is Country Director for Singapore at Veritas Technologies.